Api.core.htmlreport equivalent in current OWASPZAPDotNetAPI

115 views
Skip to first unread message

Devin Crumb

unread,
Apr 5, 2023, 2:07:24 PM4/5/23
to OWASP ZAP User Group
Hello,

We had a client utility that would periodically run the OWASP ZAP tests and save the reports locally to the client.  The OWASP ZAP Server that we are using is on a different system and maintain by a different team so we do not have access to the flite system that OWASP ZAP Server is running on.  We use to use Api.core.htmlreport to generate the HTML report as it would return the report in the body of the request that would let us save it locally to the client.  This API is no longer available and we are wondering if there is a way to duplicate this functionality with the latest OWASPZAPDotNetAPI.

Thanks

Devin

Simon Bennetts

unread,
Apr 5, 2023, 3:42:25 PM4/5/23
to OWASP ZAP User Group
Hi Devin,

The ZAP core.htmlreport endpoint is still available in ZAP. It is is depreciated but should still work as before.
The new reports.generate endpoint is the one to use going forwards.

Cheers,

Simon

Devin Crumb

unread,
Apr 5, 2023, 5:12:31 PM4/5/23
to OWASP ZAP User Group
I understand that the new reports.generate endpoint is the one to use going forward.  From what I have seen trying it, it only return the full path name of the report file that was created by  reports.generate.  But, that is on the server file system.  I need it on the client.  So how do I duplicate the functionality of the ZAP core.htmlreport endpoint (which returns the actual HTML report) using the new reports.generate endpoint and/or other endpoints once the core.htmlreport endpoint is removed?  In other words, how can I get on the client the report that was generated using the new reports.generate endpoint?

Devin

Simon Bennetts

unread,
Apr 6, 2023, 4:59:50 AM4/6/23
to OWASP ZAP User Group
Hi Devin,

We dont actually recommend that ZAP is run as a long running server :/
However we do want to provide the reatures people need.
The new reports can contain multiple files - eg HTML, CSS, images .. but we could return a zip of all of them via a new endpoint.
Would that work for you?

Cheers,

Simon

Devin Crumb

unread,
Apr 6, 2023, 10:14:36 AM4/6/23
to OWASP ZAP User Group
Yes, that would be helpful.  Thanks.

thc...@gmail.com

unread,
Apr 10, 2023, 10:03:51 AM4/10/23
to zaprox...@googlegroups.com
An issue has been raised:
https://github.com/zaproxy/zaproxy/issues/7821

Best regards.
Reply all
Reply to author
Forward
0 new messages